> Well, I'm glad they're not using IIS then. However, this is > an illustration of their inability to configure a server > correctly, rather than an illustration of some special > problem with IIS. I mean, this stuff is just not that hard. > We're talking about ten minutes of initial configuration, or > one minute if you've written a script to automate the process.
I believe that the issue with it "not being that hard" is that most people believe that IIS is perfectly good "out of the box", so they leave it as-is... My biggest issue is that script kiddies attack is BECAUSE it's Microsoft - I'm not willing to take that risk > The problem with IIS is similar to the problem with Windows - > neither is designed to serve well as a public Internet server > with their default configurations. If you're going to use > Windows for public Internet servers, then you have to know > how to configure them appropriately. The same is true for IIS. I agree 100% - but how many companies don't... > Yes, I'm aware of the WebSite feature set. However, I think > you're missing my point. I must have mis-read your email - I thought you was trying to use those as a "selling point"... > Those are all things that should be TURNED OFF on a production > web server - or any internet-facing web server - that isn't > specifically using those features. If you turn them off, you > don't have any problems. If you do need to use those features, > then you have to go through some hoops to ensure that they're > set up securely. The amount of features I've disables in WSP is pretty big - in fact we turned off the remote config, all SSI stuff, etc. etc. it's not worth the hassle Philip Arnold Technical Director Certified ColdFusion Developer ASP Multimedia Limited Switchboard: +44 (0)20 8680 8099 Fax: +44 (0)20 8686 7911 www.aspmedia.co.uk www.aspevents.net An ISO9001 registered company. ********************************************************************** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. ********************************************************************** ______________________________________________________________________ This list and all House of Fusion resources hosted by CFHosting.com. The place for dependable ColdFusion Hosting. FAQ: http://www.thenetprofits.co.uk/coldfusion/faq Archives: http://www.mail-archive.com/cf-talk@houseoffusion.com/ Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebar=lists
